Minor ReadMe updates and config files for Secret Manager (#379)

pmaytak · web-flow · commit 3c479b01776e · 2020-07-14T09:10:29.000-07:00
diff --git a/1-WebApp-OIDC/1-1-MyOrg/Properties/serviceDependencies.json b/1-WebApp-OIDC/1-1-MyOrg/Properties/serviceDependencies.json
@@ -0,0 +1,7 @@
+{
+  "dependencies": {
+    "secrets1": {
+      "type": "secrets"
+    }
+  }
+}
diff --git a/1-WebApp-OIDC/1-1-MyOrg/Properties/serviceDependencies.local.json b/1-WebApp-OIDC/1-1-MyOrg/Properties/serviceDependencies.local.json
@@ -0,0 +1,7 @@
+{
+  "dependencies": {
+    "secrets1": {
+      "type": "secrets.user"
+    }
+  }
+}
diff --git a/1-WebApp-OIDC/1-2-AnyOrg/Properties/serviceDependencies.json b/1-WebApp-OIDC/1-2-AnyOrg/Properties/serviceDependencies.json
@@ -0,0 +1,7 @@
+{
+  "dependencies": {
+    "secrets1": {
+      "type": "secrets"
+    }
+  }
+}
diff --git a/1-WebApp-OIDC/1-2-AnyOrg/Properties/serviceDependencies.local.json b/1-WebApp-OIDC/1-2-AnyOrg/Properties/serviceDependencies.local.json
@@ -0,0 +1,7 @@
+{
+  "dependencies": {
+    "secrets1": {
+      "type": "secrets.user"
+    }
+  }
+}
diff --git a/1-WebApp-OIDC/1-2-AnyOrg/README-1-1-to-1-2.md b/1-WebApp-OIDC/1-2-AnyOrg/README-1-1-to-1-2.md
@@ -64,12 +64,13 @@ In the `Startup.cs` file, in the `ConfigureServices` method, after `services.Add
     {
     ...
     // Sign-in users with the Microsoft identity platform
-    services.AddMicrosoftWebAppAuthentication(Configuration, options =>
-    {
-        Configuration.Bind("AzureAd", options);
-        // Restrict users to specific belonging to specific tenants
-        options.TokenValidationParameters.IssuerValidator = ValidateSpecificIssuers;
-    }, options => Configuration.Bind("AzureAd", options));
+    services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
+            .AddMicrosoftWebApp(options =>
+            {
+                Configuration.Bind("AzureAd", options);
+                // Restrict users to specific belonging to specific tenants
+                options.TokenValidationParameters.IssuerValidator = ValidateSpecificIssuers;
+            });
    ...
 ```
 
diff --git a/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/Properties/serviceDependencies.json b/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/Properties/serviceDependencies.json
@@ -0,0 +1,7 @@
+{
+  "dependencies": {
+    "secrets1": {
+      "type": "secrets"
+    }
+  }
+}
diff --git a/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/Properties/serviceDependencies.local.json b/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/Properties/serviceDependencies.local.json
@@ -0,0 +1,7 @@
+{
+  "dependencies": {
+    "secrets1": {
+      "type": "secrets.user"
+    }
+  }
+}
diff --git a/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/README.md b/1-WebApp-OIDC/1-3-AnyOrgOrPersonal/README.md
@@ -147,17 +147,15 @@ In the **appsettings.json** file:
               .AddAzureAD(options => Configuration.Bind("AzureAd", options));
      ```
 
-     by this line:
+   - by this line:
 
      ```CSharp
-
-    services.AddMicrosoftWebAppAuthentication(Configuration);
-
+     services.AddMicrosoftWebAppAuthentication(Configuration);
      ```
 
-     This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts.
+    This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing-in users both with their Work and School and Microsoft Personal accounts.
 
-    1. Change the `Properties\launchSettings.json` file to ensure that you start your web app from <https://localhost:44321> as registered. For this:
+1. Change the `Properties\launchSettings.json` file to ensure that you start your web app from <https://localhost:44321> as registered. For this:
     - update the `sslPort` of the `iisSettings` section to be `44321`
     - in the `applicationUrl` property of use `https://localhost:44321`
 
diff --git a/1-WebApp-OIDC/1-5-B2C/Properties/serviceDependencies.json b/1-WebApp-OIDC/1-5-B2C/Properties/serviceDependencies.json
@@ -0,0 +1,7 @@
+{
+  "dependencies": {
+    "secrets1": {
+      "type": "secrets"
+    }
+  }
+}
diff --git a/1-WebApp-OIDC/1-5-B2C/Properties/serviceDependencies.local.json b/1-WebApp-OIDC/1-5-B2C/Properties/serviceDependencies.local.json
@@ -0,0 +1,7 @@
+{
+  "dependencies": {
+    "secrets1": {
+      "type": "secrets.user"
+    }
+  }
+}
diff --git a/2-WebApp-graph-user/2-1-Call-MSGraph/Properties/serviceDependencies.json b/2-WebApp-graph-user/2-1-Call-MSGraph/Properties/serviceDependencies.json
@@ -0,0 +1,7 @@
+{
+  "dependencies": {
+    "secrets1": {
+      "type": "secrets"
+    }
+  }
+}
diff --git a/2-WebApp-graph-user/2-1-Call-MSGraph/Properties/serviceDependencies.local.json b/2-WebApp-graph-user/2-1-Call-MSGraph/Properties/serviceDependencies.local.json
@@ -0,0 +1,7 @@
+{
+  "dependencies": {
+    "secrets1": {
+      "type": "secrets.user"
+    }
+  }
+}
diff --git a/2-WebApp-graph-user/2-3-Multi-Tenant/README-National-Cloud.md b/2-WebApp-graph-user/2-3-Multi-Tenant/README-National-Cloud.md
@@ -236,8 +236,8 @@ These steps are encapsulated in the [Microsoft.Identity.Web](..\..\Microsoft.Ide
 In order to be able to sign-in users from multiple tenants, the [/common endpoint](https://docs.microsoft.com/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant#update-your-code-to-send-requests-to-common) must be used. In the sample, this endpoint is used as a result of setting the value for `TenantId` as `organizations` on the `appsettings.json` file, and configuring the middleware to read the values from it.
 
 ```csharp
-services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
-                .AddAzureAD(options => configuration.Bind(configSectionName, options));
+services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
+        .AddMicrosoftWebApp(Configuration)
 ```
 
  You can read about the various endpoints of the Microsoft Identity Platform [here](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols#endpoints).
@@ -282,7 +282,7 @@ options.TokenValidationParameters.IssuerValidator = AadIssuerValidator.GetIssuer
 To extend this validation to only Azure AD tenants registered in the application database, the event handler `OnTokenValidated` was configured to grab the `tenantId` from the token claims and check if it has an entry on the database. If it doesn't, a custom exception `UnauthorizedTenantException` is thrown, canceling the authentication, and the user is redirected to the `UnauthorizedTenant` view. At this stage, the user is not authenticated in the application.
 
 ```csharp
-services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
+services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
 {
     options.Events.OnTokenValidated = async context => 
     {
diff --git a/3-WebApp-multi-APIs/Properties/serviceDependencies.json b/3-WebApp-multi-APIs/Properties/serviceDependencies.json
@@ -0,0 +1,7 @@
+{
+  "dependencies": {
+    "secrets1": {
+      "type": "secrets"
+    }
+  }
+}
diff --git a/3-WebApp-multi-APIs/Properties/serviceDependencies.local.json b/3-WebApp-multi-APIs/Properties/serviceDependencies.local.json
@@ -0,0 +1,7 @@
+{
+  "dependencies": {
+    "secrets1": {
+      "type": "secrets.user"
+    }
+  }
+}
diff --git a/4-WebApp-your-API/4-1-MyOrg/Client/Properties/serviceDependencies.json b/4-WebApp-your-API/4-1-MyOrg/Client/Properties/serviceDependencies.json
@@ -0,0 +1,7 @@
+{
+  "dependencies": {
+    "secrets1": {
+      "type": "secrets"
+    }
+  }
+}
diff --git a/4-WebApp-your-API/4-1-MyOrg/Client/Properties/serviceDependencies.local.json b/4-WebApp-your-API/4-1-MyOrg/Client/Properties/serviceDependencies.local.json
@@ -0,0 +1,7 @@
+{
+  "dependencies": {
+    "secrets1": {
+      "type": "secrets.user"
+    }
+  }
+}
diff --git a/4-WebApp-your-API/4-1-MyOrg/TodoListService/Properties/serviceDependencies.json b/4-WebApp-your-API/4-1-MyOrg/TodoListService/Properties/serviceDependencies.json
@@ -0,0 +1,7 @@
+{
+  "dependencies": {
+    "secrets1": {
+      "type": "secrets"
+    }
+  }
+}
diff --git a/4-WebApp-your-API/4-1-MyOrg/TodoListService/Properties/serviceDependencies.local.json b/4-WebApp-your-API/4-1-MyOrg/TodoListService/Properties/serviceDependencies.local.json
@@ -0,0 +1,7 @@
+{
+  "dependencies": {
+    "secrets1": {
+      "type": "secrets.user"
+    }
+  }
+}
diff --git a/4-WebApp-your-API/4-2-B2C/Client/Properties/serviceDependencies.json b/4-WebApp-your-API/4-2-B2C/Client/Properties/serviceDependencies.json
@@ -0,0 +1,7 @@
+{
+  "dependencies": {
+    "secrets1": {
+      "type": "secrets"
+    }
+  }
+}
diff --git a/4-WebApp-your-API/4-2-B2C/Client/Properties/serviceDependencies.local.json b/4-WebApp-your-API/4-2-B2C/Client/Properties/serviceDependencies.local.json
@@ -0,0 +1,7 @@
+{
+  "dependencies": {
+    "secrets1": {
+      "type": "secrets.user"
+    }
+  }
+}
diff --git a/4-WebApp-your-API/4-2-B2C/TodoListService/Properties/serviceDependencies.json b/4-WebApp-your-API/4-2-B2C/TodoListService/Properties/serviceDependencies.json
@@ -0,0 +1,7 @@
+{
+  "dependencies": {
+    "secrets1": {
+      "type": "secrets"
+    }
+  }
+}
diff --git a/4-WebApp-your-API/4-2-B2C/TodoListService/Properties/serviceDependencies.local.json b/4-WebApp-your-API/4-2-B2C/TodoListService/Properties/serviceDependencies.local.json
@@ -0,0 +1,7 @@
+{
+  "dependencies": {
+    "secrets1": {
+      "type": "secrets.user"
+    }
+  }
+}
diff --git a/5-WebApp-AuthZ/5-1-Roles/Properties/serviceDependencies.json b/5-WebApp-AuthZ/5-1-Roles/Properties/serviceDependencies.json
@@ -0,0 +1,7 @@
+{
+  "dependencies": {
+    "secrets1": {
+      "type": "secrets"
+    }
+  }
+}
diff --git a/5-WebApp-AuthZ/5-1-Roles/Properties/serviceDependencies.local.json b/5-WebApp-AuthZ/5-1-Roles/Properties/serviceDependencies.local.json
@@ -0,0 +1,7 @@
+{
+  "dependencies": {
+    "secrets1": {
+      "type": "secrets.user"
+    }
+  }
+}
diff --git a/5-WebApp-AuthZ/5-2-Groups/Properties/serviceDependencies.json b/5-WebApp-AuthZ/5-2-Groups/Properties/serviceDependencies.json
@@ -0,0 +1,7 @@
+{
+  "dependencies": {
+    "secrets1": {
+      "type": "secrets"
+    }
+  }
+}
diff --git a/5-WebApp-AuthZ/5-2-Groups/Properties/serviceDependencies.local.json b/5-WebApp-AuthZ/5-2-Groups/Properties/serviceDependencies.local.json
@@ -0,0 +1,7 @@
+{
+  "dependencies": {
+    "secrets1": {
+      "type": "secrets.user"
+    }
+  }
+}
diff --git a/5-WebApp-AuthZ/5-2-Groups/Startup.cs b/5-WebApp-AuthZ/5-2-Groups/Startup.cs
@@ -38,24 +38,13 @@ public void ConfigureServices(IServiceCollection services)
             // Sign-in users with the Microsoft identity platform
             services.AddMicrosoftWebAppAuthentication(Configuration)
                     .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { "User.Read", "Directory.Read.All" })
-
-            // If you want to use group ids/names in the Authorize attribute then uncomment the following lines:
-            //services.Configure<OpenIdConnectOptions>(options =>
-            //        {
-            //            // Uncomment the following lines code instruct the asp.net core middleware to use the data in the "groups" claim in the [Authorize] attribute and for User.IsInrole()	
-            //            // See https://docs.microsoft.com/en-us/aspnet/core/security/authorization/roles for more info.	
-            //            // Use the groups claim for populating roles	
-            //            options.TokenValidationParameters.RoleClaimType = "groups";
-            //        })
-
                     .AddInMemoryTokenCaches();
 
             services.AddMSGraphService(Configuration);
 
             services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options => {
-                // Uncomment the following lines code instruct the asp.net core middleware to use the data in the "groups" claim in the [Authorize] attribute and for User.IsInrole()
+                // The following code instructs the ASP.NET Core middleware to use the data in the "groups" claim in the [Authorize] attribute and for User.IsInRole()
                 // See https://docs.microsoft.com/en-us/aspnet/core/security/authorization/roles for more info.
-                // Use the groups claim for populating roles
                 options.TokenValidationParameters.RoleClaimType = "groups";
             });
 
